NOYB, a non-profit organisation whose name means None Of Your Business, said it had filed a complaint with Austria's Data Protection Authority against services including Netflix, YouTube, Amazon Prime and Spotify.
NOYB says the services have violated the EU's General Data Protection Regulation (GDPR) by not granting users access to data that companies hold on them or information about how the data is used.
Privacy campaigner Max Schrems, one of the founders of NOYB, said the issue of access to such data was one of the most common reasons people got in touch with the NGO.
On Netflix, for example, “you can figure out a lot about someone's personal behaviour and even political leanings from the data they have — what you're watching, the times of day you're watching, who you're watching it with,”
Schrems told AFP.
NOYB tested the provisions of the GDPR by asking eight major streaming services for access to data.
It said two failed to respond and the rest did not provide the data in an intelligible format nor gave additional background information that users are also entitled to.
“The 'front ends' of these websites look nice, welcoming and compliant but really the data is stored in the 'back ends' — we want to bring more transparency to these data 'black boxes',” Schrems said.
In theory, the EU's data regulations provide for heavy financial penalties for companies who break them.
Schrems has previously brought cases against Facebook and other tech firms in several European countries.
In 2015 he brought down the EU's former “Safe Harbour” data sharing arrangement after he sued Facebook in Ireland over the transfer of personal information by Facebook from Europe to the United States.